asyncrat | RIP_YOUR_PC_LOL[.]bin[.]zip

Resubmissions

15-04-2023 18:24

230415-w2c15sfb37 10

Sharing

Copy URL

Twitter E-mail

General

Target

RIP_YOUR_PC_LOL.bin.zip
Size

18.5MB
MD5

583d5445a319588293538aa4d22cfc89
SHA1

40116403164ff48921603e77db604036cb52eddc
SHA256

a20103b2cca0ba56f3eb33cc6adcc4bbcbe2d3a1d7fb9627e5c72fae70ef3458
SHA512

fdfdb0fc27687a1a7b05392e88539ed1c6cf3a9cb30a0c6c2301b573c70e90b5f8776ed1ed2848cee691da6473effafb5932d6043ea3f2e4c284505463cff89e
SSDEEP

393216:FG1RKwIwlCxqWsVO+zND8jy64eAglTjLeb/q9A80FUFjE:Y1038WsVOyGjt4eAglTj6i9iFUxE

Score

10^/10

rat asyncrat blackmoon nanocore njrat

Malware Config

Signatures

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
static1/unpack001/RIP_YOUR_PC_LOL.bin	asyncrat

Asyncrat family
asyncrat
Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/RIP_YOUR_PC_LOL.bin	family_blackmoon

Nanocore family
nanocore

Nirsoft 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/RIP_YOUR_PC_LOL.bin	Nirsoft

Njrat family
njrat

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

Processes:

resource	yara_rule
static1/unpack001/RIP_YOUR_PC_LOL.bin	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

Processes:

resource	yara_rule
static1/unpack001/RIP_YOUR_PC_LOL.bin	WebBrowserPassView

Files

RIP_YOUR_PC_LOL.bin.zip
.zip

Password: infected
RIP_YOUR_PC_LOL.bin
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 22.5MB - Virtual size: 22.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 22.5MB - Virtual size: 22.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 22.5MB - Virtual size: 22.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B